Privacy Policy

CMPA and privacy

At the Canadian Medical Protective Association (CMPA) we understand the importance of privacy and the protection of personal information. The CMPA and its subsidiaries1 place the highest value on ensuring the privacy and confidentiality of personal information entrusted to us and strive to comply with all legal and regulatory requirements.

This policy also complies with the requirements of Canada's Anti-Spam Legislation (CASL) to ensure that appropriate consent has been obtained prior to sending electronic communications subject to CASL and that required unsubscribe mechanisms are readily available.

This privacy policy governs personal information collected by the CMPA from or about individuals. As further outlined in this policy, the CMPA collects, uses, and discloses information for the purposes of understanding members’ medical-legal needs, providing medical-legal services and risk management/reduction and other practice solutions to its members. The CMPA also collects, uses, and discloses personal information to respond to inquiries it receives from individuals who are not members of the CMPA. The CMPA collects, uses, and discloses personal information, including electronic contact information, for reasons that are consistent with these purposes, or as permitted or mandated by law. Personal information is kept securely and retained only as long as necessary to fulfil its purpose. Except in limited circumstances, you have a right to access the information collected about you, within a reasonable time frame, in accordance with existing legislation.

The CMPA will, from time to time, review and revise its privacy practices and this privacy policy. Policy changes will apply to the information collected from the date of the revised privacy policy as well as to existing information held by the CMPA at the time of amendment. Updates to this privacy policy will be published on our website. Members will be reminded of our privacy policy and any updates with their annual billing reminder. Should you have any questions or concerns, you are invited to contact the CMPA Privacy Office.

Personal information collected via the CMPA's website is subject to the CMPA Privacy Statement for CMPA website and members-only area, which is incorporated by reference as part of this privacy policy.

Collection and use of personal information

The CMPA collects personal information to fulfill the mandate of the CMPA, which includes:

providing support to members with provincial or territorial reimbursement programs, third party payer groups (e.g. groups who pay membership fees on a member’s behalf), and provincial or territorial medical regulatory authorities (Colleges)

facilitating the use of the national physician identification system known as the Medical Identification Number for Canada (MINC)

providing information about the services offered by CMPA and its subsidiary companies, as well as other service providers

responding to inquiries received from individuals who are not members of the CMPA

meeting legal or regulatory requirements

Personal information is generally collected from the individual directly. The CMPA's use of personal information is limited to these purposes or is consistent with them.

We consider "personal information" to mean information, recorded in any form, about an identified individual, or an individual whose identity may be inferred or determined from the information. When you provide personal information, you agree and consent that the CMPA may collect, use, and disclose your personal information in accordance with this privacy policy. The CMPA and its subsidiaries do not sell, trade, barter, exchange or disclose for consideration any personal information. You are free to withdraw your consent. However, if you choose not to provide us with consent to collect, use, or disclose personal information, we may not be able to offer the services requested.

To the extent that any communication from the CMPA or its subsidiaries qualifies as a "commercial electronic message" under CASL, the message will only be sent if appropriate consent has been obtained and a required unsubscribe mechanism is readily available. The term "commercial electronic message" is defined under CASL and includes an electronic message (e.g., email, instant messaging, text messaging) that offers to purchase, sell, barter or lease a product, good, or service; provide a business opportunity; or advertise or promote any of these items. You are free at any time to unsubscribe from receiving any future commercial electronic messages that may be sent by the CMPA or its subsidiaries.

Disclosure of your personal information

The CMPA will generally only disclose your personal information for a purpose consistent with this privacy policy.

Confirming membership

The CMPA may disclose personal information to confirm or support your membership with third parties, including:

hospitals, universities, clinics, and third party payer groups (e.g. groups who pay membership fees on a member's behalf) with whom you work

the Medical Identification Number for Canada (MINC)

At your direction and with consent, the CMPA will also provide information to other organizations with whom you interact in the course of your practice that have a legitimate interest in confirming your CMPA membership. When the CMPA confirms or supports membership with third parties, medical-legal information will not be released. A list of medical associations, provincial or territorial governments, and Colleges with whom the CMPA exchanges personal information may be obtained from the CMPA website or by contacting the CMPA. The CMPA will only disclose personal information to organizations where the organization agrees to use such personal information solely for the purposes for which it was provided and only as long as necessary for the purpose of the collection and to protect the information using appropriate means of security.

Sharing information with CMPA subsidiaries

The CMPA may share personal information with its subsidiaries, such as your mailing address, contact and demographic information, for the purposes of offering particular services that may be of benefit to you. The CMPA may also share information with its subsidiaries to confirm membership with the CMPA or to update any contact information. For example, if you are a CMPA member and a client of a CMPA subsidiary, when you inform us of an address change, this information will be changed for both organizations. The CMPA will not share members' personal medical-legal information with its subsidiaries without explicit permission.

Disclosing information without consent

There are some circumstances where the CMPA may disclose personal information without consent. Such circumstances include where the CMPA:

is permitted or required by law, or by order of a court or tribunal

believes, upon reasonable grounds, that it is necessary to protect the safety of an identifiable person or group

believes it is necessary to establish or collect fees

believes it necessary to permit us to provide approved services, pursue or investigate available remedies (including legal remedies through a civil or criminal court process), or limit any damages that we may have or are likely to sustain

believes the information is public

Where obliged or permitted to disclose information without consent, the CMPA will not disclose more information than is required.

The CMPA will only disclose personal information about former members in accordance with this privacy policy. The CMPA retains the right to use non-identifiable information in any ethical way that it determines appropriate.

Accuracy and retention

The CMPA endeavours to ensure that any personal information in its possession is accurate, current and complete. Information contained in files that have been closed is not actively updated or maintained. The CMPA generally retains personal information as long as the CMPA believes it is necessary to fulfil the purpose for which it was collected. Once this purpose has been fulfilled, the CMPA destroys the information in a secure manner that protects the privacy of the individual to which the information relates. The CMPA's retention policy is reviewed and updated regularly.

Protection of personal information

The CMPA endeavours to maintain adequate physical, procedural, and technical security with respect to its offices and information storage capabilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of personal information. This commitment also applies to the disposal or destruction of personal information.

As part of those precautions, we restrict access to personal information to those employees and, under appropriate confidentiality agreements, external service providers we determine need to know that information in order that the CMPA may provide its services. The CMPA treats employee misuse of personal information as a serious offence for which disciplinary action may be taken. The CMPA is also prepared to take all appropriate steps to enforce the provisions of confidentiality agreements with external parties.

The CMPA may rely on external service providers who are located in the United States and other countries. Some personal information collected by the CMPA may therefore be retained in countries other than Canada where privacy laws may offer different levels of protection from those in Canada, and personal information may be subject to access by and disclosure to law enforcement agencies in those jurisdictions.

We audit our procedures and security measures, as appropriate, to ensure that they remain effective and reasonable. We take reasonable steps to confirm service providers adhere to accepted standards of information security.

Access to your personal information

The CMPA strives to provide access to personal information in keeping with all applicable legislation. The CMPA may decline to provide access to personal information in accordance with existing legislation. We will provide information from our records in a form that is easy to understand, and will also endeavour to provide explanations for any abbreviations or codes used. When possible, the CMPA will also provide a list of organizations that may have received such information.

We may charge a reasonable cost (e.g. photocopying, mail charges) to the individual making the request.

The CMPA reserves the right to decline to provide access to personal information where the information requested:

would disclose personal information about a third party

would reveal confidential commercial information

could reasonably result in serious harm to an individual

may harm or interfere with law enforcement activities and other investigative or regulatory functions of a body authorized by law to perform such functions

was generated in the course of a formal dispute resolution process

is subject to solicitor-client or litigation privilege, or a professional privilege or obligation

is not readily retrievable and the burden or cost of providing would be disproportionate to the nature or value of the information

does not exist, is not held, or cannot be found by the CMPA

any other grounds under applicable legislation

Where information will not or cannot be disclosed, the individual making the request will be provided with the reasons for non-disclosure.

The CMPA will not respond to repetitive or vexatious requests for access and, in doing so, will consider such factors as the frequency with which information is updated, the purpose for which the information is used, and the nature of the information. To guard against fraudulent requests for access, the CMPA may require sufficient information to allow it to confirm the identity of the person making the request before granting access or making corrections.

Resolving your privacy concerns

In the event of questions about the collection, use, disclosure of or access to your personal information by the CMPA, or the CMPA's CASL procedures, visit our website or contact us: